https://www.scmp.com/tech/tech-trends/article/3255271/ransomware-jeopardises-hong-kong-logistics-and-financial-services-report-finds-amid-surge-attacks

Palo Alto Networks’ Wickie Fung, managing director for Hong Kong and the Greater Bay Area, and Felix Cheng, head of systems engineering, at a press conference on the rise of ransomware attacks on March 13, 2024. Photo: Kelly Le

• Financial services and logistics were the hardest-hit sectors in Hong Kong, while manufacturing was the most impacted across Greater China by ransomware
• Ransomware payouts, typically done in cryptocurrency, reached new highs last year, but median payments fell possibly due to effective negotiation tactics

Listen to this article

Financial services and logistics were Hong Kong’s hardest-hit sectors by ransomware in 2023, a new study has found, in a year when such attacks spiked as criminals adopted new tools like those using artificial intelligence (AI).

Cybersecurity firm Palo Alto Networks identified 3,998 posts from ransomware groups on websites for leaked information, a 49 per cent increase over 2022. Hong Kong’s two largest industries were the most targeted for extortion, Wickie Fung, Palo Alto Networks’ managing director for Hong Kong and the Greater Bay Area, said during a press briefing on Wednesday.

As a finance hub, Hong Kong’s banks and other financial institutions possess “vast amounts of valuable data”, which make them “hot targets for multi-extortion attacks” by ransomware gangs, Fung said.

ChatGPT-aided ransomware in China results in four arrests29 Dec 2023

Manufacturing was the most impacted industry across the Greater China area, the firm found. This industry typically has limited visibility into its operational technology systems, Fung said, contributing to cybersecurity vulnerabilities.

Ransomware typically involves the theft or encryption of private data with a threat to release or delete that data unless a ransom is paid, typically in cryptocurrency. Blockchain analytics firm Chainalysis found that at least US$1.1 billion in ransomware was paid out in crypto last year, the largest on record and an estimate the firm called “conservative”. Ransomware incidents are often under-reported, as many firms prefer to quietly contain the fallout.

While total payouts have risen substantially over 2022 – when Chainalysis recorded a 40 per cent decline owing to disruptions from the Russia-Ukraine war – Palo Alto Networks found evidence that organisations are seeing some success in pushing back.

Median ransom demands were up 3 per cent last year to US$695,000 from US$650,000 in 2022, but median payouts fell 32 per cent to US$237,500 from US$350,000, according to the report. The discrepancy may be the result of effective negotiations from incident response teams, the report said.

“Ransomware attackers were highly motivated in 2023,” Fung said during the briefing. Attackers have also turned to more cutting-edge tools like generative AI to scale up their operations. This technology can help attackers find more vulnerabilities and develop malware. They are also using less noticeable and more automated methods of exploiting system weaknesses.

The median time from a system’s initial compromise to the exfiltration of data was down to just two days in 2023, a 45 per cent decline from the nine days it took in 2021.

Every Saturday

Hong Kong Update Newsletter

Our weekly round-up of the best news, stories and opinion from Hong Kong.